fix: align CIDR check rules with their title #307
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@tamirkiviti13 do you have any feedback about this? |
|
@itaysk |
itaysk
reviewed
Jan 15, 2025
There was a problem hiding this comment.
- if we change the meaning of some check, should we also change the "short name" etc?
- do we no longer need the CIDR functions in Go?
- since we are changing the meaning of some checks, I wonder if we should revisit the severity too.
- additional discussion about check for unrestricted vs public in the original discussion: fix(misconf): improve CIDR related checks trivy#8184 (comment)
|
short names, or any identifier for that matter should be kept unique and unchanged to ensure we don't cause any unexpected breakage. We would have to deprecate this and introduce a new check if change of names is desired. |
simar7
reviewed
Jan 16, 2025
| # title: Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389. | ||
| # title: Network ACLs should not allow ingress from the public internet to port 22 or port 3389. |
There was a problem hiding this comment.
I think /0 is much more straight forward to understand technically, than the public internet.
There was a problem hiding this comment.
what do you think of “any IP address”?
There was a problem hiding this comment.
maybe "should not allow unrestricted ingress" ?
Signed-off-by: Nikita Pivkin <[email protected]>
nikpivkin
changed the title
Signed-off-by: Nikita Pivkin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related issues:
Checks that require restricting access to or from any IP address now check only this condition. In addition, the titles, descriptions, and messages for all such checks have been unified.